[Freeipa-users] Help regarding Basic FreeIPA setup

Chandan Kumar chandank.kumar at gmail.com
Tue May 15 16:14:17 UTC 2012 

The kinit does show that the keys are there.

[root at ipaserver ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at EXAMPLE.COM

Valid starting     Expires            Service principal
05/15/12 09:13:35  05/16/12 09:13:32  krbtgt/EXAMPLE.COM at EXAMPLE.COM




Thanks
Chandan





On Tue, May 15, 2012 at 7:35 AM, Chandan Kumar <chandank.kumar at gmail.com>wrote:

> Hi,
> I am running the default Firefox that comes with centos 6.2 . I guess that
>  Whatever time I do kinit it just does not working for me even for single
> time.
>
> Also it shows as that I am logged in as user at freeipa.org.... In the main
> back ground web page. Not sure whether it's relevant with this error.
>
>
> On Monday, 14 May 2012, Steven Jones wrote:
>
>>  Hi,
>>
>>
>>
>> I have run it on Macosx and RHEL6.2, firefox and chrome, safari wont
>> connect but thats a safari issue Im sure.
>>
>>
>>
>> After running "kinit admin" I find the kerberos ticket expires about 24
>> hours later so you have to renew?  What you can do if it simply wont
>> work is get IPA to fall back to asking for a password, which is what I have
>> had to set for Windows 7 firefox users.
>>
>>
>>
>> It might depend on which version of firefox, 3 and 10 do work......I
>> think RH say firefox 10 is the long term supported version for them so I'd
>> run that at least.
>>
>>
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>   ------------------------------
>> *From:* freeipa-users-bounces at redhat.com [
>> freeipa-users-bounces at redhat.com] on behalf of Chandan Kumar [
>> chandank.kumar at gmail.com]
>> *Sent:* Tuesday, 15 May 2012 9:25 a.m.
>> *To:* dpal at redhat.com
>> *Cc:* freeipa-users at redhat.com
>> *Subject:* Re: [Freeipa-users] Help regarding Basic FreeIPA setup
>>
>>
>> System: Centos 6.2
>> IPA version : ipa-server-2.1.3-9.el6.x86_64
>>
>>
>> Thanks
>> Chandan
>>
>>
>>
>>
>>
>> On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal <dpal at redhat.com> wrote:
>>
>>> **
>>>  On 05/14/2012 05:09 PM, Chandan Kumar wrote:
>>>
>>> I am a newbie in IPA and was experimenting it on my couple of VMs before
>>> considering it for production level.
>>>
>>> Installation went fine, however, I am getting the kerberos key
>>> expiration error at firefox. I am running firefox on the same machine where
>>> I have installed/configured ipa-server. On googling and some help in IRC I
>>> checked documentation to trouble shoot it as this appear to be a known
>>> problem.
>>>
>>> Moreover, I did follow
>>>
>>> http://freeipa.org/page/InstallAndDeploy
>>> http://freeipa.org/page/TroubleshootingGuide
>>>
>>> Fire fox logs
>>>
>>> 1977841888[7fc789f5b040]:   leaving nsAuthGSSAPI::GetNextToken
>>> [rv=80004005]
>>> -1977841888[7fc789f5b040]:   using REQ_DELEGATE
>>> -1977841888[7fc789f5b040]:   service = ipaserver.example.com
>>> -1977841888[7fc789f5b040]:   using negotiate-gss
>>> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI()
>>> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init()
>>> -1977841888[7fc789f5b040]: nsHttpNegotiateAuth::GenerateCredentials()
>>> [challenge=Negotiate]
>>> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken()
>>> -1977841888[7fc789f5b040]: gss_init_sec_context() failed: Unspecified
>>> GSS failure.  Minor code may provide more information
>>> SPNEGO cannot find mechanisms to negotiate
>>> -1977841888[7fc789f5b040]:   leaving nsAuthGSSAPI::GetNextToken
>>> [rv=80004005]
>>>
>>> [root at ds var]# klist
>>> Ticket cache: FILE:/tmp/krb5cc_0
>>> Default principal: admin at EXAMPLE.COM
>>>
>>> Valid starting     Expires            Service principal
>>> 05/14/12 13:50:32  05/15/12 13:50:30  krbtgt/EXAMPLE.COM at EXAMPLE.COM
>>> 05/14/12 13:53:58  05/15/12 13:50:30  HTTP/
>>> ipaserver.example.com at EXAMPLE.COM
>>> 05/14/12 13:54:13  05/15/12 13:50:30  ldap/
>>> ipaserver.example.com at EXAMPLE.COM
>>> [root at ds var]#
>>>
>>> Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin
>>>
>>> at http://fpaste.org/9hXX/
>>>
>>> I am not sure what I am missing though. Appreciate any help.
>>>
>>> Thanks
>>> Chandan
>>>
>>>
>>>
>>>
>>>  Are you running FF on windows?
>>> Which version of IPA are you using?
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IPA project,
>>> Red Hat Inc.
>>>
>>>
>>> -------------------------------
>>> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
>>
>
> --
> Sent from my iPad
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120515/89f49d54/attachment.htm>

More information about the Freeipa-users mailing list